CVE-2023-7028: 
GitLab vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-7028) was discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2. The vulnerability allows user account password reset emails to be delivered to an unverified email address, potentially leading to account takeover (GitLab Release).

The vulnerability is related to a weak password recovery mechanism where attackers could manipulate the password reset functionality by intercepting and modifying the password reset request. The vulnerability has received a Critical severity rating with a CVSS v3.1 score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). The issue was introduced in GitLab version 16.1.0 on May 1, 2023, as part of changes made to allow users to reset their password through a secondary email address (GitLab Release).

The vulnerability allows attackers to potentially take over GitLab accounts by changing passwords without user interaction, simply by knowing the victim's email address. Users with two-factor authentication enabled are partially protected, as while their password could be reset, the second authentication factor would still be required for login (GitLab Release).

GitLab has released security patches for all affected versions. Organizations are strongly advised to upgrade to versions 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, or 16.7.2 or newer. Additional recommended security measures include enabling Two-Factor Authentication (2FA) for all GitLab accounts, especially for users with elevated privileges, and rotating all secrets stored in GitLab including credentials, API tokens, and certificates (GitLab Release).